Overview

overview

10

Static

static

a9eec79808...98.exe

windows7_x64

10

a9eec79808...98.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    a9eec798087fd2cbb1968044963f675a480cf5f6867dfddd7108b5b073c84898

  • Size

    98KB

  • Sample

    210508-rf225d5rwn

  • MD5

    cd1a70fc9e006494a67c2e70981651c9

  • SHA1

    1dee7ceb1f8e915f7a62736eb60e1ef84e4c2933

  • SHA256

    a9eec798087fd2cbb1968044963f675a480cf5f6867dfddd7108b5b073c84898

  • SHA512

    50c34689b8249999480fa2889e84f06f5bf2683bef246ce5f898f907e92d9eb208744cba15a599a9a531b48ef987ffcd486909716d0fb056f02ef6431e067c37

Score
10/10
tinbabankerpersistencetrojan

Malware Config

Targets

    • Target

      a9eec798087fd2cbb1968044963f675a480cf5f6867dfddd7108b5b073c84898

    • Size

      98KB

    • MD5

      cd1a70fc9e006494a67c2e70981651c9

    • SHA1

      1dee7ceb1f8e915f7a62736eb60e1ef84e4c2933

    • SHA256

      a9eec798087fd2cbb1968044963f675a480cf5f6867dfddd7108b5b073c84898

    • SHA512

      50c34689b8249999480fa2889e84f06f5bf2683bef246ce5f898f907e92d9eb208744cba15a599a9a531b48ef987ffcd486909716d0fb056f02ef6431e067c37

    Score
    10/10
    tinbabankerpersistencetrojan

    • Tinba / TinyBanker

      Banking trojan which uses packet sniffing to steal data.

      trojanbankertinba

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks